Summary

This module provides authorization capabilities so that
authenticated users can be allowed or denied access to portions
of the web site by group membership. Similar functionality is
provided by mod_authz_groupfile.

The AuthDBMGroupFile directive sets the
name of a DBM file containing the list of user groups for user
authorization. File-path is the absolute path to the
group file.

The group file is keyed on the username. The value for a
user is a comma-separated list of the groups to which the users
belongs. There must be no whitespace within the value, and it
must never contain any colons.

Security

Make sure that the AuthDBMGroupFile is
stored outside the document tree of the web-server. Do
not put it in the directory that it protects.
Otherwise, clients will be able to download the
AuthDBMGroupFile unless otherwise
protected.

Combining Group and Password DBM files: In some cases it is
easier to manage a single database which contains both the
password and group details for each user. This simplifies any
support programs that need to be written: they now only have to
deal with writing to and locking a single DBM file. This can be
accomplished by first setting the group and password files to
point to the same DBM:

AuthDBMGroupFile "/www/userbase"
AuthDBMUserFile "/www/userbase"

The key for the single DBM is the username. The value consists
of

Encrypted Password : List of Groups [ : (ignored) ]

The password section contains the encrypted
password as before. This is followed by a colon and the comma
separated list of groups. Other data may optionally be left in the
DBM file after another colon; it is ignored by the authorization
module. This is what www.telescope.org uses for its combined
password and group database.

Sets the type of database file that is used to store the list
of user groups.
The default database type is determined at compile time. The
availability of other types of database files also depends on
compile-time settings.

It is crucial that whatever program you use to create your group
files is configured to use the same type of database.

Notice:This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our mailing lists.